Do the proposed IPA changes go far enough?

Do the proposed IPA changes go far enough?

The Government has launched a consultation on fresh changes to the Investigatory Powers Act (IPA) - nicknamed the Snoopers’ Charter - following the ruling late last year by the Court of Justice of the European Union (CJEU) that much of the legislation is unlawful. As regular readers of our blog will know, Entanet has repeatedly voiced concerns about the IPA and in particular its obvious inability to coexist with further legislation such as GDPR and the new Data Protection Bill. How can the Government insist on ISPs collating masses of data on one hand, yet give users improved rights such as the ‘right to be forgotten’ on the other? Not to mention the issues of privacy invasion and data security.

13 December 2017

[caption id="attachment_135" align="alignleft" width="128"]Paul Paul Heritage-Redpath, Product Manager[/caption] The Government has launched a consultation on fresh changes to the Investigatory Powers Act (IPA) - nicknamed the Snoopers’ Charter - following the ruling late last year by the Court of Justice of the European Union (CJEU) that much of the legislation is unlawful. As regular readers of our blog will know, Entanet has repeatedly voiced concerns about the IPA and in particular its obvious inability to coexist with further legislation such as GDPR and the new Data Protection Bill. How can the Government insist on ISPs collating masses of data on one hand, yet give users improved rights such as the ‘right to be forgotten’ on the other? Not to mention the issues of privacy invasion and data security. What will the consultation cover? The changes outlined in the seven-week consultation are:
  • The introduction of an independent authorisation of communications data requests by a new body, known as the Office for Communications Data Authorisations, under the investigatory powers commissioner, Lord Justice Fulford - but with a giant loophole in the form of “urgent” cases, where the police can still grant themselves powers.
  • Restricting the use of communications data to investigations into “serious crime”.
  • Additional safeguards which must be taken into account before a data retention notice can be given to a telecommunications or postal operator.
  • Clarification of the circumstances in which notification of those whose communications data has been accessed can occur.
  • Mandatory guidance on the protection of retained data in line with European data protection standards.
[Source: computerworlduk.com/] A ‘communications data code of practice’ has also been published by the government for consultation. This sets out how the safeguards governing the retention of communications data by telecommunications operators and its acquisition by public authorities will operate. Descoping public health, tax collection and financial market regulation as permitted purposes and adding a third definition of “serious crime” to the statute book at least somewhat mitigates the frequency with which stage agencies can access our collective data, but it does not address the fundamental fact that all this information will still need to be collected and retained...which is a significant part of the risk to data security. In the case of this Bill, defining as “serious” any offence “capable” of being punished by 6 months in prison, or which involves the sending of a communication, is so broad as to border on the absurd. It’s also still unclear how this legislation tallies with the EU’s forthcoming General Data Protection Regulation which will introduce a ‘right to be forgotten’, meaning an individual can request their personal data be erased (including from social media sites). Whilst we are pleased to see the Government attempting to amend the IPA and take into consideration some of the key concerns that have been raised in the past, as yet it doesn’t appear to go far enough to tackle the major issues of coexisting with GDPR and data security. We will be interested to see the outcomes of the consultation period and if the CJEU accept the amendments. In the meantime, Liberty will be challenging mass retention of data in court in February. To view the consultation in full see: https://www.gov.uk/government/consultations/investigatory-powers-act-2016 Have your say! Do you think the proposals outlined in the Government’s new IPA consultation go far enough? Do you think it’s possible for the IPA and GDPR legislation to exist side by side? Share your thoughts by leaving us a comment below. Related articles Further Information [subscribe2]

CityFibre News

With network projects in over 60 cities and construction underway to reach up to 8 million homes